diff --git a/README.md b/README.md
index 8c625566..479c04bd 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,7 @@ The MongoDB MCP Server can be configured using multiple methods, with the follow
 | `connectionString` | MongoDB connection string for direct database connections (optional users may choose to inform it on every tool call) |
 | `logPath`          | Folder to store logs                                                                                                  |
 | `disabledTools`    | An array of tool names, operation types, and/or categories of tools that will be disabled.                            |
+| `readOnly`         | When set to true, only allows read and metadata operation types, disabling create/update/delete operations            |
 
 #### `logPath`
 
@@ -181,6 +182,19 @@ Operation types:
 - `read` - Tools that read resources, such as find, aggregate, list clusters, etc.
 - `metadata` - Tools that read metadata, such as list databases, list collections, collection schema, etc.
 
+#### Read-Only Mode
+
+The `readOnly` configuration option allows you to restrict the MCP server to only use tools with "read" and "metadata" operation types. When enabled, all tools that have "create", "update" or "delete" operation types will not be registered with the server.
+
+This is useful for scenarios where you want to provide access to MongoDB data for analysis without allowing any modifications to the data or infrastructure.
+
+You can enable read-only mode using:
+
+- **Environment variable**: `export MDB_MCP_READ_ONLY=true`
+- **Command-line argument**: `--readOnly`
+
+When read-only mode is active, you'll see a message in the server logs indicating which tools were prevented from registering due to this restriction.
+
 ### Atlas API Access
 
 To use the Atlas API tools, you'll need to create a service account in MongoDB Atlas:
@@ -221,6 +235,7 @@ export MDB_MCP_API_CLIENT_SECRET="your-atlas-client-secret"
 export MDB_MCP_CONNECTION_STRING="mongodb+srv://username:password@cluster.mongodb.net/myDatabase"
 
 export MDB_MCP_LOG_PATH="/path/to/logs"
+
 ```
 
 #### Command-Line Arguments
diff --git a/src/config.ts b/src/config.ts
index dabfd789..676247a5 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -20,6 +20,7 @@ export interface UserConfig {
         timeoutMS: number;
     };
     disabledTools: Array<string>;
+    readOnly?: boolean;
 }
 
 const defaults: UserConfig = {
@@ -32,6 +33,7 @@ const defaults: UserConfig = {
     },
     disabledTools: [],
     telemetry: "disabled",
+    readOnly: false,
 };
 
 export const config = {
diff --git a/src/logger.ts b/src/logger.ts
index cb127568..b14e073a 100644
--- a/src/logger.ts
+++ b/src/logger.ts
@@ -124,6 +124,11 @@ class McpLogger extends LoggerBase {
     }
 
     log(level: LogLevel, _: MongoLogId, context: string, message: string): void {
+        // Only log if the server is connected
+        if (!this.server?.isConnected()) {
+            return;
+        }
+
         void this.server.server.sendLoggingMessage({
             level,
             data: `[${context}]: ${message}`,
diff --git a/src/server.ts b/src/server.ts
index 46786164..3d4802f3 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -35,6 +35,7 @@ export class Server {
 
     async connect(transport: Transport) {
         this.mcpServer.server.registerCapabilities({ logging: {} });
+
         this.registerTools();
         this.registerResources();
 
@@ -115,6 +116,8 @@ export class Server {
 
         if (command === "start") {
             event.properties.startup_time_ms = commandDuration;
+            event.properties.read_only_mode = this.userConfig.readOnly || false;
+            event.properties.disallowed_tools = this.userConfig.disabledTools || [];
         }
         if (command === "stop") {
             event.properties.runtime_duration_ms = Date.now() - this.startTime;
diff --git a/src/telemetry/types.ts b/src/telemetry/types.ts
index bd1ef2a1..5199590f 100644
--- a/src/telemetry/types.ts
+++ b/src/telemetry/types.ts
@@ -47,6 +47,8 @@ export interface ServerEvent extends BaseEvent {
         reason?: string;
         startup_time_ms?: number;
         runtime_duration_ms?: number;
+        read_only_mode?: boolean;
+        disabled_tools?: string[];
     } & BaseEvent["properties"];
 }
 
diff --git a/src/tools/tool.ts b/src/tools/tool.ts
index 9066f02f..f8091deb 100644
--- a/src/tools/tool.ts
+++ b/src/tools/tool.ts
@@ -9,7 +9,7 @@ import { UserConfig } from "../config.js";
 
 export type ToolArgs<Args extends ZodRawShape> = z.objectOutputType<Args, ZodNever>;
 
-export type OperationType = "metadata" | "read" | "create" | "delete" | "update" | "cluster";
+export type OperationType = "metadata" | "read" | "create" | "delete" | "update";
 export type ToolCategory = "mongodb" | "atlas";
 
 export abstract class ToolBase {
@@ -109,7 +109,11 @@ export abstract class ToolBase {
     // Checks if a tool is allowed to run based on the config
     protected verifyAllowed(): boolean {
         let errorClarification: string | undefined;
-        if (this.config.disabledTools.includes(this.category)) {
+
+        // Check read-only mode first
+        if (this.config.readOnly && !["read", "metadata"].includes(this.operationType)) {
+            errorClarification = `read-only mode is enabled, its operation type, \`${this.operationType}\`,`;
+        } else if (this.config.disabledTools.includes(this.category)) {
             errorClarification = `its category, \`${this.category}\`,`;
         } else if (this.config.disabledTools.includes(this.operationType)) {
             errorClarification = `its operation type, \`${this.operationType}\`,`;
diff --git a/tests/integration/server.test.ts b/tests/integration/server.test.ts
index 341502c5..b9072dca 100644
--- a/tests/integration/server.test.ts
+++ b/tests/integration/server.test.ts
@@ -52,4 +52,32 @@ describe("Server integration test", () => {
             });
         });
     });
+
+    describe("with read-only mode", () => {
+        const integration = setupIntegrationTest(() => ({
+            ...config,
+            readOnly: true,
+            apiClientId: "test",
+            apiClientSecret: "test",
+        }));
+
+        it("should only register read and metadata operation tools when read-only mode is enabled", async () => {
+            const tools = await integration.mcpClient().listTools();
+            expectDefined(tools);
+            expect(tools.tools.length).toBeGreaterThan(0);
+
+            // Check that we have some tools available (the read and metadata ones)
+            expect(tools.tools.some((tool) => tool.name === "find")).toBe(true);
+            expect(tools.tools.some((tool) => tool.name === "collection-schema")).toBe(true);
+            expect(tools.tools.some((tool) => tool.name === "list-databases")).toBe(true);
+            expect(tools.tools.some((tool) => tool.name === "atlas-list-orgs")).toBe(true);
+            expect(tools.tools.some((tool) => tool.name === "atlas-list-projects")).toBe(true);
+
+            // Check that non-read tools are NOT available
+            expect(tools.tools.some((tool) => tool.name === "insert-one")).toBe(false);
+            expect(tools.tools.some((tool) => tool.name === "update-many")).toBe(false);
+            expect(tools.tools.some((tool) => tool.name === "delete-one")).toBe(false);
+            expect(tools.tools.some((tool) => tool.name === "drop-collection")).toBe(false);
+        });
+    });
 });